Attackers Using Latest Mozilla Firefox to Silently Hijack Computers
by Eirik Iverson, Product Management
If recent news of lethal and stealthy cyber crime attacks on computers via Internet Explorer persuaded users to move to Firefox, well, it may be time to switch yet again. Maybe Opera, Chrome, or Safari will provide a few months free of sky-is-falling news of exploits that silently infest computers. Then again, maybe the attackers are already exploiting vulnerabilities in these web browsers that the information security press does not know about. Or, maybe next week, attackers will start to exploit some unknown vulnerability in your web browser of choice that security gurus won’t discover for months.
I’d like to point out that the ‘good news’ in this week’s news regarding Mozilla Firefox 3.5 is that at least the vulnerability is known. The really scary scenario is when attackers exploit a vulnerability for months without any of us knowing they are doing so. That would leave millions of computers exposed to attacks whenever they visit a seemingly safe website.
But remember, with Web 2.0, one rarely comes across a homogeneous web page on a high-volume website. Today, any one page may consist of content from who knows how many different web servers. And as we learned last month, cyber criminals have methodically compromised 100,000’s of legitimate web servers to dish out zero-day attack code to visiting computers. Fortunately, webmasters are getting the word and removing the zero-day attack code from their servers.
As workarounds go, the Firefox 3.5 workaround that reduces risk until a security patch is available is a pretty good one. Typical workarounds involve disabling the capability that is vulnerable, leaving anything dependent upon it completely dead. In this case, the workaround sacrifices only the improved web browsing speed delivered with Firefox 3.5, because the TraceMonkey component that produces the improved performance must be deactivated. So, Firefox 3.5 users who do this merely experience a slow-down to Firefox 3.0 performance. Contrast this workaround with the recent Internet Explorer exploits that required the disabling of Internet Explorer capabilities.
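One way to confirm the workaround is actually in effect on a profile, as an added example that is not from the original post or from Mozilla. It assumes the preference Mozilla's published workaround named, `javascript.options.jit.content` (not mentioned in this post), and that a missing entry means the Firefox 3.5 default of JIT enabled; the sample file contents are constructed.

```python
import re

# Assumption: the preference Mozilla's workaround said to set to false.
JIT_PREF = "javascript.options.jit.content"

# Matches active lines such as: user_pref("some.name", false);
# Lines commented out with // do not match because of the anchored start.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.MULTILINE
)


def parse_prefs(text):
    """Return {name: raw_value} for each user_pref() line; later lines win."""
    return {name: value for name, value in PREF_LINE.findall(text)}


def jit_disabled(prefs_js, user_js=""):
    """True only if the effective value of JIT_PREF is false.

    user.js is applied on top of prefs.js at startup, so it takes precedence.
    A missing entry means the default (JIT enabled) is in effect.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    return effective.get(JIT_PREF, "true") == "false"


# Constructed sample profile contents (not taken from a real machine).
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_FIXED = SAMPLE_DEFAULT + 'user_pref("javascript.options.jit.content", false);\n'
SAMPLE_COMMENTED = SAMPLE_DEFAULT + '// user_pref("javascript.options.jit.content", false);\n'
SAMPLE_USER_OVERRIDE = 'user_pref("javascript.options.jit.content", true);\n'

if __name__ == "__main__":
    for label, prefs, user in [
        ("default profile", SAMPLE_DEFAULT, ""),
        ("workaround applied", SAMPLE_FIXED, ""),
        ("workaround commented out", SAMPLE_COMMENTED, ""),
        ("user.js re-enables JIT", SAMPLE_FIXED, SAMPLE_USER_OVERRIDE),
    ]:
        state = "JIT disabled" if jit_disabled(prefs, user) else "JIT ENABLED"
        print(f"{label}: {state}")
```

The last sample is the case worth checking for on managed machines: a `user.js` that sets the preference back to true undoes a change made through about:config on every restart.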
Question from AppGuard and EdgeGuard Security Software Users
Do AppGuard and EdgeGuard enable me to safely use Firefox 3.5 without disabling TraceMonkey? Yes. The same applies to those ActiveX controls in Internet Explorer or any other application capable of using them. Firefox and Internet Explorer are guarded by default.
AppGuard also guards Firefox and Internet Explorer in privacy mode to prevent them from stealing, destroying, or encrypting/ransoming sensitive or valuable files or documents (e.g., tax records, family photos, intellectual property) when attacked. We call this “privacy mode”.
None of the 2009 zero-day exploits of vulnerabilities in Firefox, Internet Explorer, Opera, Safari, Chrome, or Microsoft Office would have slipped past AppGuard or EdgeGuard.


